News, Analysis and Perspective for Solution Providers and Technology Integrators

Distributed Denial of Service Attacks Increased In 2016, Spurred By IoT Vulnerabilities

Internet of Things botnets were partly to blame for the rise in DDoS cases, according to information service provider Neustar.

By
Lindsey O'DonnellDecember 28, 2016, 12:30 PM EST

The frequency of distributed denial of service (DDoS) attacks increased this year due in part to Internet of Things botnets, according to information service provider Neustar.

The company said it mitigated 40 percent more DDoS attacks from January through November, compared with the same span last year, Neustar said in a recent report.

’The DDoS attack landscape has become increasingly complex in 2016 because there is no singular goal behind these attacks – some seek to disrupt services, while others serve as smokescreens to breach data,’ said Rodney Joffe, senior vice president and fellow at Neustar, in a statement. ’Organizations must remain vigilant against conventional attacks, even as new threats are realized today and in 2017.’

The report comes just weeks after an October DDoS attack – which was launched through IoT devices and blocked an array of websites - deepened the industry's concerns over the security risk of the Internet of Things.

The denial of service attack was launched through Internet of Things consumer devices, including webcams, routers and video recorders, to overwhelm servers at Dynamic Network Services (Dyn) and led to the blockage of more than 1,200 websites.

The attack on Dyn, which connects users to websites such as Twitter and Netflix, came from tens of millions of addresses on devices infected with malicious software codes, knocking out access by flooding websites with junk data.

Neustar, for its part, said the "threat of IoT botnets was realized" in 2016, and the October incident signaled a "watershed moment" for DDoS attacks.

Douglas Grosfield, founder and CEO of Kitchener, Ontario-based Five Nines IT Solutions, said the tech industry has "set the stage" for continued IoT attacks into 2017.

"From a cybersecurity perspective, the IoT industry is about as na&iuml;ve as can be, which is a frightening thought when you consider the proliferation of connected devices in the enterprise, as well as in the consumer markets," he said. "Security has historically been an afterthought from many vendors as they scrambled to define and execute on their IoT strategies in an emerging market in the past few years particularly. Now, the consumer is starting to pay the price for that lack of forethought, and this will continue to grow more impactful as vulnerabilities continue to be discovered and taken advantage of to spread mayhem."

Neustar warned that as botnet code assemblies are published, dangerous new DDoS developments will continue to emerge, such as persistent device enrollment, which enables botnet operators to maintain control of a device even after it's rebooted.

Grosfield said the tech industry needs to address these dangers by "taking responsibility" in order to prevent future IoT botnet-enabled DDoS attacks.

"Now is the time to take responsibility and address the shortcomings that created such vulnerabilities, and accept that security in a connected world is of critical importance," he said. "Cybersecurity has never been as mature a field as it is today, and in a very complex world of interconnected technologies, it has never been more important to push for creative solutions … to mitigate the threats businesses and individuals face when embracing technology to enhance their operations and lives."